WebProNews

Fast-flux servers key to threat

Hundreds of blogs on the Bloggers service have been found to contain links to servers that will infect visitors with the notorious Storm worm.

Stay away from links wishing you New Year's happiness on Blogger sites. There is a good chance these links go to a dangerous destination.

Security vendor Trend Micro reported seeing the explosion of Blogger pages containing these links. Researcher Paul Ferguson detailed this rapid rise:

However, in the past 24 hours, there seems to be hundreds of blogs which have appeared that now have singular links to a set of fast-flux servers that infects the user with the Storm Worm (a.k.a. NuWar — Trend Micro detects this as WORM_NUCRP.GEN). These “blogs” have nothing more than a reference to a “…Wishing You a Happy New Year…” or something similar, and a link to one of the server names which will infect the user with the Storm Worm.

Fast-flux provides obfuscation to the malicious servers harboring the worm. This makes it difficult to identify the machines dealing out the threat. The Honeynet Project said fast-flux involves a fully qualified domain name having hundreds or even thousands of round-robin IP addresses with very short Time To Live for each record.

People seeing New Year's links on Blogger pages similar to the ones in the Trend Micro screenshot should report them to Google. And don't click on them.